jwt_auth_bad_config

  • Ibby

    (@ibby)


    7 years ago

    Hi all,

    Not sure if anyone is still having a problem with this but I know it was discussed previously.

    Whenever I try to login to a WP site using the JWT plugin, I am getting a 403 ‘jwt_auth_bad_config’ error code. I’ve tried everything suggested:

    1. I’ve tried moving:

    define('JWT_AUTH_SECRET_KEY', 'secret_key');
define(‘JWT_AUTH_CORS_ENABLE’, true);
define('WP_DEBUG', true);

    to above WP_DEBUG in wp_config as shown.

    2. I’ve edited my .htaccess file to reflect:

    # BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

</IfModule>

# END WordPress

    I’m still receiving the error after all of this. Does anyone know if there is a workaround?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Kerygmata

    (@kerygmata)

    Did you setup your secret key correctly?

    It was suggested to use a string from here https://api.www.ads-software.com/secret-key/1.1/salt/

    Seems like that could be related to the error, not sure though.

    if (!$secret_key) {
            return new WP_Error(
                'jwt_auth_bad_config',
    Thread Starter Ibby

    (@ibby)

    The key I’m using is from the WordPress salt generator. I guess I can try changing it to another one…

    But that’s interesting because the error is thrown due to no secret key hmmm. I wonder what the issue can be.

    Kerygmata

    (@kerygmata)

    Hmm, not sure. Seems like it should work. That’s the only place I noticed that error in the source code –so seems like something surrounding that key.

    I wonder if it is something to do with your server. Looks like some special instructions for WP Engine for example.

    Not sure if this would matter, but I have it working and this stuff:

    RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

    is right before the whole # BEGIN WordPress in my .htaccess

    Good luck debugging. ??

    Thread Starter Ibby

    (@ibby)

    Thank you very much Kerygmata! This has put me on the right track I think. I tried running a clean install and it logged in straight away. It seems like something to do with the theme is obstructing the JWT output (most likely the token creation).

    I’ll look into this further but at least it proves that there’s nothing wrong with the plugin function itself!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘jwt_auth_bad_config’ is closed to new replies.